﻿@model UserAccountViewModel
@{
    var parent = (WebViewPage)TempData["Parent"];
}

@foreach (var cred in Model.CredentialGroups[CredentialKind.External])
{
    @ViewHelpers.Section(parent,
        "change-credential-" + cred.Key,
        @<text>Login Account</text>,
        @<text>@cred.TypeCaption | 
            @if (CredentialTypes.IsMicrosoftAccount(cred.Type))
            {
                var is2faEnabled = Model.User.EnableMultiFactorAuthentication;
                <span>
                    <i class="ms-Icon ms-Icon--@(is2faEnabled ? "CheckMark" : "Warning") @(is2faEnabled ? "checkmark" : "warning")-icon" aria-hidden="true"></i> 2FA @(is2faEnabled ? "enabled" : "disabled")
                </span>
            }
            else if (CredentialTypes.IsAzureActiveDirectoryAccount(cred.Type))
            {
                var is2faEnabled = User.WasMultiFactorAuthenticated();
                <span>
                    <i class="ms-Icon ms-Icon--@(is2faEnabled ? "CheckMark" : "Warning") @(is2faEnabled ? "checkmark" : "warning")-icon" aria-hidden="true"></i> 2FA @(is2faEnabled ? "enabled" : "disabled")
                </span>
            }
        </text>,
        @<text>
            @using (Html.BeginForm("LinkOrChangeExternalCredential", "Users", FormMethod.Post, new { aria_label = "Link or change " + cred.TypeCaption }))
            {
                @Html.AntiForgeryToken()

                <div class="login-account-row">
                    <span class="col-sm-9"  style="padding: 0;">
                        Microsoft account: <b>@cred.Identity</b>
                    </span>
                    <span class="col-sm-3" style="padding: 0;">
                        <button class="btn btn-brand-secondary btn-block" type="submit"
                                data-confirm="This action will replace all of your linked accounts and password login with the new login account. Are you sure you want to change your login account?">
                            Change Account
                        </button>
                    </span>
                </div>
            }

            @if (CredentialTypes.IsAzureActiveDirectoryAccount(cred.Type))
            {
                <div class="login-account-row">
                    @if (User.WasMultiFactorAuthenticated())
                    {
                        <span>
                            Two-factor authentication is enabled for your Microsoft Entra ID login account. <i class="ms-Icon ms-Icon--CheckMark checkmark-icon" aria-hidden="true"></i>
                        </span>
                    }
                    else
                    {
                        <span>
                            Two-factor authentication is disabled for your Microsoft Entra ID login account. We recommend you ask your Microsoft Entra ID tenant administrator to enable this setting. <i class="ms-Icon ms-Icon--Warning warning-icon" aria-hidden="true"></i>
                        </span>
                    }
                </div>
            }
            else
            {
                using (Html.BeginForm("ChangeMultiFactorAuthentication", "Users", FormMethod.Post, new { aria_label = "Change multi-factor authentication setting" }))
                {
                    @Html.AntiForgeryToken()

                    @Html.Hidden("enableMultiFactor", !Model.User.EnableMultiFactorAuthentication);
                    <div class="login-account-row">
                        @if (!Model.IsNewAccount2FAEnforcementEnabled && Model.User.EnableMultiFactorAuthentication)
                        {
                            <span class="col-sm-9"  style="padding: 0;">
                                Two-factor authentication is currently enabled <i class="ms-Icon ms-Icon--CheckMark checkmark-icon" aria-hidden="true"></i>
                            </span>
                            <span class="col-sm-3" style="padding: 0;">
                                <button class="btn btn-brand-danger btn-block" type="submit"
                                        data-confirm="This action will disable 2FA, making your account less secure. Are you sure you want to disable this setting?">
                                    Disable
                                </button>
                            </span>
                        }
                        else if (!Model.User.EnableMultiFactorAuthentication)
                        {
                            <span class="col-sm-9"  style="padding: 0;">
                                Two-factor authentication is currently disabled <i class="ms-Icon ms-Icon--Warning warning-icon" aria-hidden="true"></i>
                            </span>
                            <span class="col-sm-3" style="padding: 0;">
                                <button class="btn btn-brand-secondary btn-block" type="submit">Enable</button>
                            </span>
                        }
                    </div>
                }
            }
        </text>)
}